From cb27e100fffb09dd67de8757944263ec71f27a71 Mon Sep 17 00:00:00 2001
From: shim_ <>
Date: Fri, 4 Jan 2019 13:51:01 +0100
Subject: [PATCH] basics
---
.gitmodules | 3 +++
Dockerfile | 28 ++++++++++++++++++++++++++++
init.sh | 25 +++++++++++++++++++++++++
wireguard-go | 1 +
4 files changed, 57 insertions(+)
create mode 100644 .gitmodules
create mode 100644 Dockerfile
create mode 100755 init.sh
create mode 160000 wireguard-go
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..b8270fa
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "wireguard-go"]
+ path = wireguard-go
+ url = https://git.zx2c4.com/wireguard-go
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..84cc9fa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+FROM golang AS build
+
+COPY wireguard-go /go/src/wireguard
+
+WORKDIR /go/src/wireguard
+
+RUN echo "package main" > ./donotuseon_linux.go && go get
+
+RUN go build
+
+FROM frolvlad/alpine-glibc
+
+RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories && apk --no-cache add wireguard-tools
+
+ENV WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
+
+COPY --from=build /go/bin/wireguard /usr/bin/wireguard-go
+
+COPY init.sh /init.sh
+
+RUN chmod +x /init.sh
+
+VOLUME /etc/wireguard/
+
+EXPOSE 51820/udp
+
+ENTRYPOINT /init.sh
+
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..73b9af1
--- /dev/null
+++ b/init.sh
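Review bot: Both `FROM golang` and `FROM frolvlad/alpine-glibc` float on the default tag, and the runtime stage permanently appends the Alpine `edge/testing` repository over plain `http://`, so the image content depends on whatever those sources serve on build day and apk's signature check is the only integrity control on the package fetch. Pin both base images to a specific tag or digest, and scope the testing repository to the one package that needs it instead of editing `/etc/apk/repositories`, e.g. `RUN apk --no-cache add --repository <https-mirror>/alpine/edge/testing wireguard-tools`. The final `ENTRYPOINT /init.sh` is shell form, which puts `/bin/sh -c` between the container runtime and the script; `ENTRYPOINT ["/init.sh"]` avoids that. A short comment above `ENV WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1` saying why the userspace implementation is chosen would also help the next reader.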
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+umask 077
+set -e
+
+WG_IF=${WG_INTERFACE:-wg0}
+PHY_IF=${WG_HOST_INTERFACE:-eth0}
+ADDRESS=${WG_ADDRESS:-192.168.2.1/24}
+
+if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
+ mkdir -p /etc/wireguard/keys
+ wg genkey | tee /etc/wireguard/keys/$WG_IF | wg pubkey > /etc/wireguard/keys/$WG_IF.pub
+
+ echo "[Interface]" > /etc/wireguard/$WG_IF.conf
+ echo "PrivateKey = $(cat /etc/wireguard/keys/$WG_IF)" >> /etc/wireguard/$WG_IF.conf
+ echo "Address = $ADDRESS" >> /etc/wireguard/$WG_IF.conf
+ echo "ListenPort = 51820" >> /etc/wireguard/$WG_IF.conf
+ echo "PostUp = iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -A POSTROUTING -o $PHY_IF -j MASQUERADE" >> /etc/wireguard/$WG_IF.conf
+ echo "PostDown = iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -D POSTROUTING -o $PHY_IF -j MASQUERADE" >> /etc/wireguard/$WG_IF.conf
+ echo "SaveConfig = true" >> /etc/wireguard/$WG_IF.conf
+
+ echo "Generated Config for $WG_IF, Publickey: $(cat /etc/wireguard/keys/$WG_IF.pub)"
+fi
+
+/usr/bin/wireguard-go -f $WG_IF
diff --git a/wireguard-go b/wireguard-go
new file mode 160000
index 0000000..f49da8b
--- /dev/null
+++ b/wireguard-go
@@ -0,0 +1 @@
+Subproject commit f49da8b7ad99b479b9221426eec865cd5ee09a30
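Review bot: `WG_INTERFACE` and `WG_HOST_INTERFACE` come from the environment and are expanded unquoted in the key and config paths, in the final `wireguard-go -f $WG_IF` call, and inside the PostUp/PostDown command lines written to the config, so a value containing whitespace, `/` or `;` changes which file is written or what command text lands in the config. Validate both names once after the defaults are set, e.g. `case "$WG_IF$PHY_IF" in *[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; exit 1;; esac`, and quote the expansions used as path arguments. The last line would be better as `exec /usr/bin/wireguard-go -f "$WG_IF"`, so the daemon replaces the script's shell instead of running as its child. Separately, nothing in the visible script loads the generated `/etc/wireguard/$WG_IF.conf` into the interface; if that happens elsewhere, a comment saying where would help.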